Principal Cloud Security Architect
Requisition ID # 96140
Job Category : Information Technology
Job Level : Manager/Principal
Business Unit: Information Technology
The Cybersecurity team enables PG&E to achieve its mission by providing governance, oversight, and support of operational resiliency and asset safeguards in a relevant, timely and data-driven manner. The Cybersecurity team consists of security professionals in their chosen disciplines working together, to review the current cyber threat landscape and lend our expertise to help the company understand its security posture and act on the highest priority risks. The Cybersecurity team takes a proactive approach to security by focusing on the cyber risks PG&E faces. Our methodology and framework synthesize current legal, regulatory, and operating mandates with PG&E’s business goals and operations. By taking this information and focusing on the cyber risks unique to individual Lines of Business (LOB), Cybersecurity helps PG&E’s LOBs make informed decisions about where to invest their resources.
The Cloud Security Architect, Principal level in the Cloud Security Center of Excellence is responsible for ensuring the secure design and delivery of Cloud solutions to the Cloud COE. The architect will ensure requirements from Cyber Security Stakeholders such as the CSRS Architecture team, Cybersecurity Services team and SIOC are embedded into solutions delivery process. The architect will be a specialist in all aspects of information security management and leveraging cloud services in large-scale computing environments.
Thought Leadership Responsibility
- Acts as a role model and provides thought leadership
- Drives best practices, enforcing the highest standards
- Mentors and develops Cloud Security Engineers
- Viewed as a trusted advisor and maintains a high level of credibility with the Senior Leadership team
- Works with Cybersecurity Architecture to understand current strategy, adhere to standards, and influence roadmaps.
Ensures implementation of Security Standards
- Partners with Cybersecurity Architecture to review, refine or define security standards
- Ensures the Cloud COE is aware of security requirements and follows standards
Leads and influences the development of secure standardized solutions for all Cloud Environments
- Identity and Access Management (IAM), Identity Federation / SSO
- SIEM and Audit Logging (CloudTrail & Config, etc.)
- Threat and Vulnerability Detection and Remediation (PrismaCloud, GuardDuty)
- Micro-segmentation enforcement through CI/CD pipeline
- Cloud Native Perimeter security with WAF & Shield (DDOS)
- Data-in-transit / Certificate Management, Data-at-Rest / Key & Secret management
- Application security assessments
Evangelizes and educates Cloud COE team
- Works with cloud security engineers to propagates secure coding and continuous security within their applications
- Provides technical coaching and mentoring to accelerate the cloud security learning process across the security and IT organizations
- Partners with the DevOps and Architecture teams to reduce dependence on the Cloud Security Engineers for all security actions and increase security compliance in the build and run of applications.
- Manage yearly timetable for pen testing and vulnerability assessments.
- Create patch/vulnerability management framework and compliance testing
- Work with IT/OPS to ensure authorization/authentication structure meets security controls and compliance requirements
- Ensure Security controls are injected into the Software Development Lifecycle
- Operationalize Security Metrics for reporting and compliance
- Automate security incident reporting and alerting systems
- Bachelor’s Degree in Computer Science or job-related discipline or equivalent experience
- 10 years of experience Information Technology
- 5 year of experience in Cloud Technologies
- 6 years of IT security experience
- 6 years of experience in IT Architecture
- AWS-Amazon Web Services Certified Solutions Architect – Associate Certification
- Experience working in an Agile/Scrum Environment (tasking, etc. via Jira preferred)
- Specialist in Cloud computing technologies and workload transition challenges
- Knowledge of AWS Well Architected Framework and Cloud migration industry best practices
- Prior programming experience in at least ONE language: C++, java, Python, Ruby, bash, etc.
- Technical writing skills for documenting environments and operating procedures
- Extensive experience with industry compliance and security standards including PCI DSS, SOC1&2, ISO 27001, NIST/DoD, SAS70, FISMA, HIPAA, and NIST
- Experience with continuous security practices, including: threat modeling, threat and vulnerability management, secure coding practices, and automated penetration testing.
- Experience with security solutions such as WAF, IPS, and anti-DDOS systems
- Extensive experience with IT Compliance and risk management requirements (e.g. security, privacy, SOX, etc.)
- Experience with network / perimeter security platforms
- Extensive experience with encryption in-flight and at-rest practices, as well as certificate and secrets management, security event & incident management (SIEM) platforms.
- Extensive experience with infrastructure automation, infrastructure as code, automated application deployment, monitoring/telemetry, logging, reporting, and continuous delivery technologies
- Experience performing security assessments
- Extensive implementation experience with enterprise security solutions, privilege management, identity management and federation systems
- Experience as a thought leader to a talented group of engineers
- CISSP, CISA, CISM, IS027001 LA/LI, SANS (or equivalent experience)
- AWS Certified Solutions Architect – Associate (or equivalent experience)
- AWS Certified Solutions Architect – Professional (or equivalent experience)
- AWS Security – Specialty (or equivalent experience)
Knowledge, Skills, and Abilities:
- Ability to work in an Agile/Scrum environment, manage and deliver in sprints and work as a team
- Ability to multi-task and prioritize deadlines
- Ability to operate in cross-functional and multidisciplinary teams
- Customer focused with an attitude to deliver excellent customer outcomes
- Ability to think strategically about business, product, and technical challenges
- Ability to take ownership with a high sense of urgency and work like an entrepreneur
- Problem solving, analytics, and resolution skills
- Exceptional and effective verbal and written communication skills
- Demonstrated ability to effectively influence at the most senior levels (e.g. Sr Director, Vp, etc.)
- Ability and determination to learn new technologies alongside the team.